Monday, December 12, 2011

Atlantic Council Cybersecurity Conference

The following was sent to me by Jacques Gansler, from the School of Public Policy, and I thought it might be of general interest so I'm re-posting here with his permission.

On Dec. 8th, I went to a Cyber Security conference that was seen by the "Atlantic Council" (I am a Director) and sponsored by SAIC, and held at the "Spy Museum".  (Mike adds: see http://www.acus.org/program/cyber-statecraft-initiative but there's no link for the conference event itself.)

Of course, I discussed the MC2 (including with SAIC key players, since they are one of our sponsors); but I was particularly impressed by the mix of attendees: both U.S. and international; and both "wonks" (policy) and "geeks" (techies). Clearly, this topic is of great, and widespread, interest (to industry, government, and academic, here and abroad).

The main messages that came out of the meeting were:

· It is both a technical and (even more) a policy issue;
· It requires senior-level government involvement and commitment (including of resources);
· It must be multinational;
· It must involve public/private partnerships (which is happening in some countries, but far too little in the US).

When the report (of the meeting) comes out, I'll send it around.

Monday, December 5, 2011

Cukier & Maimon's Research Highlighted

Michel Cukier and David Maimon have been conducting some impressive interdisciplinary cybersecurity research for some time now. For those of you who don't know them, Michel is an Associate Professor of Reliability Engineering and David is an Assistant Professor of Criminology and Criminal Justice.

Michel and David are applying criminological concepts and research methods in the study of cybercrime and generating recommendations for IT managers to leverage to better prevent exploits on their own networks.

For more information see the below release, which was picked up by hundreds of other media outlets:

http://www.it.umd.edu/html/news/news_story.php?id=6141

Doug Maughan talk

Dr. Doug Maughan, Director, Cyber Security Division, Department of Homeland Security, spoke at the Google Symposium on Thursday.  His talk was extremely well attended and generated quite a bit of discussion.


The slides for the talk are available here:


http://www.cs.umd.edu/~mwh/UMD-Google-Maughan-1Dec2011.pptx


One useful takeaway from the talk is this: DHS is different from DARPA, NSA, and other DOD-based agencies in that its focus is to protect the homeland.  For cybersecurity, this means DHS absolutely has to work with companies, so that they can protect their assets, which in aggregate are the nation's assets.  This focus has a couple of consequences.

First, classified research is a non-starter, since companies may not have the necessary classifications, and indeed want to support the broader, non-classified marketplace.  All DHS-supported research is open.

Second, DHS considers it a success if it can make a security-related business viable, so that that business improves the nation's security.  Therefore, it has extensive SBIR and STTR programs to support businesses.  One key success story is Komoku, founded by Maryland's own Bill Arbaugh; Komoku was bought by Microsoft a few years back.  Interestingly, the DHS policy is that they don't want any intellectual property: a DHS-supported company keeps that property but then must either commercialize it or release its code etc. as open source.

The flip-side of the business focus is that DHS does not support basic research (6.1 research in DOD parlance).  Instead it supports applied research up through development and testing.  Doug pointed out that STTRs should be attractive to academics who can partner with companies.  And their general focus is attractive to those wishing to commercialize their academically developed technology.

Several technical areas that Doug mentioned that struck me: he felt that software was at the root of most, if not all, of the security problems that DHS is considering.  Better software will make a dent in all these problems.  He also called out usability and metrics as key, underexplored areas.  Finally, he said DHS has plans to consider privacy in FY13.  I observe that MC2 has strength in all these areas.

Particular slides in the talk I found very useful are slides 7, 14, 19, 22, and 38.

Overall it was an interesting talk.  Let me know if you have questions or ideas after you've looked at the slides.  I'm very interested to hear them!

Doug's BIO:


Branch Chief in Homeland Security Advanced Research Projects Agency (HSARPA) within the Science and Technology (S&T) Directorate of the Department of Homeland Security (DHS). Doug is directing the Cyber Security Research and Development activities at HSARPA. Prior to his appointment at DHS, Doug was a Program Manager in the Advanced Technology Office (ATO) of the Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia. His research interests and related programs were in the areas of networking and information assurance.


Prior to his appointment at DARPA, Doug worked for the National Security Agency (NSA) as a senior computer scientist and led several research teams performing network security research. Doug received bachelor's degrees in Computer Science and Applied Statistics from Utah State University, a master's degree in Computer Science from Johns Hopkins University, and a PhD in Computer Science from the University of Maryland, Baltimore County (UMBC).


Doug's Blog:


I also found that Doug runs a blog; here's a recent post: http://blog.dhs.gov/2011/10/science-and-technology-directorate-wins.html




Monday, November 28, 2011

Cyberpoint

Just had a nice dinner with two engineers from Cyberpoint, a cybersecurity company located in Baltimore. One of them, Mike West, I've known since the two of us worked at ARINC nearly 20 years ago.  Cyberpoint seems to be doing really interesting things, with a culture that values research, and I'm optimistic that MC2 will find ways to work with them that benefit all parties.

Monday, November 21, 2011

Tudor Dumitras of Symantec

Tudor Dumitras of Symantec's Research Lab in Herndon, VA (near Dulles airport) gave a talk on Friday morning about Symantec's WINE (Worldwide Intelligence Network Environment) dataset.  


Slides for a longer version of the talk are available, but here's a brief synopsis.


WINE's data sets are collected primarily by Symantec’s anti-virus products installed on millions of hosts worldwide.  Collected data contains malware samples, A/V and IPS results (i.e., which positive signatures have been discovered, what IP address they were from, what process they were targeting, etc.), spam samples, and binary and URL reputation data.  The latter is gathered by tracking unknown binaries installed on a user's machine, or URLs visited, and then correlating those installs/visits with negative or positive behavior that ensues.  They also gather URL data with a web crawler that looks for web sites engaged in attacks such as drive-by downloads (also accessible at safeweb.norton.com).  They are in the process of adding data from Android Norton, too, and have included some open source data sets in the collection (e.g., the open source vulnerability database).

All of this data is available for periods of several years, enabling historical comparisons to be made.

Researchers access the data at Symantec's site in Herndon (or at another site in California) and set up experiment scripts that are meant to be reproducible, running on virtual machines in tightly controlled environments.  So far the data has been used for a variety of purposes, e.g., tracking the dissemination of Stuxnet and a variant of it, and for the development of a "cyber benchmark" (work in progress with Leyla Bilge), among other applications (which he didn't talk about).

If you are interested in this data set and potential collaborative research with Symantec Labs, please let me know.  I think this is an interesting opportunity.

Saturday, November 19, 2011

Upcoming talks

The next Google seminar talk will be given on December 1 at 5:30pm by Douglas Maughan of DHS, titled "Current R&D Initiatives in Cybersecurity."  Details here: http://goo.gl/sMxza.


Another talk that may be of interest will be given in Arlington, also on December 1, from 1-2pm by Prof. Fred B. Schneider of Cornell as part of the Air Force Office of Scientific Research (AFOSR) 60th anniversary celebration.  The title of the talk is not yet available, but I expect it will be about Fred's Blueprint for a Science of Cybersecurity. Registration for this talk is here: http://events.SignUp4.com/AFOSRDecember-Schneider

Tuesday, November 15, 2011

DARPA Cyber Colloquium presentations

I just learned that DARPA's presentations from the Cyber Colloquium (which I blogged about earlier) are now available on-line.  I'd definitely recommend Dan Kaufman's slides, the first one listed.